A server, such as a web server or a database server, frequently communicates with and/or provides data to clients, such as web browsers. For example, web browsers may each transmit one or more web requests, such as a hypertext transfer protocol (HTTP) GET request, to the server. Each of the web requests may correspond to a request to receive data, such as, for example, a web page, an image, a video, or other piece of content. Upon receiving the web requests, the server can transmit the requested data to the respective clients such that each of the clients may display the results on a computer or other type of internet-enabled device that supports the client. To establish communication between the server and a client, the initiating party, the client or the server, has information to contact the other party, such as a computer name, web address, or IP address and other information to ascertain the identity of the other party, such as a certificate or other credentials. In order to ensure that communication between the server and the clients is secure, guarantees can be made that the communication sessions between the server and clients are secure. For example, the communication sessions can be secure by providing privacy and integrity.
Moreover, secure communication can be established when there is a confirmation that the client computer is actually the client identified by the client identifiers and/or the client certificate. Transport Layer Security (TLS) provides secure communication between the server and clients by using such client and server identifying information. However, TLS can only afford such security if the client certificate, for example, has been shared with the server prior to attempting to communicate (i.e., mutual authentication). Further, most applications using TLS approach security from the perspective of the client, wherein a verification is made to ensure that the client is communicating with the correct server. However, because it is possible for networks and computers to be compromised, when a server needs verification that it is communicating with the correct client, the server cannot be certain that the client it contacts on a network or the client contacting the server is really the one matching the client identifiers used to contact the server. The server cannot be certain even when the server has authenticated itself with the client using some form of credentials, such as a user name and/or a password, and even if the communication channel is secured by TLS.